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POLYMORPHIC TOKEN BASED CONTROL 
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Leasing of Delegation Certificates in a Distributed System," bearing attorney docket no. 
06502.001 1-02000, and filed on the same date herewith. 

U.S. Patent Application No. 09/044,834, entitled "Method, Apparatus and Product for 
Leasing of Group Membership in a Distributed System," bearing attorney docket no. 
06502.001 1-03000, and filed on the same date herewith. 

U.S. Patent Application No. 09/044,9 1 6, entitled "Leasing for Failure Detection," bearing 
attorney docket no. 06502.001 1 -04000, and filed on the same date herewith. 

U.S. Patent Application No. 09/044,933, entitled "Method for Transporting Behavior in 
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Hashes to Identify Remote Methods," bearing attorney docket no. 06502.0103-00000, and filed 
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bearing attorney docket no. 06502.0105-00000, and filed on the same date herewith. 

U.S. Patent Application No. 09/044,917, entitled "Suspension and Continuation of 
Remote Methods," bearing attorney docket no. 06502.0106-00000, and filed on the same date 
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and Multi-Template Matching in a Database," bearing attorney docket no. 06502.0107-00000, 
and filed on the same date herewith. 

U.S. Patent Application No. 09/044,839, entitled "Method and System for In-Place 
Modifications in a Database," bearing attorney docket no. 06502.0108, and filed on the same 
date herewith. 

U.S. Patent Application No. 09/044,945, entitled "Method and System for Typesafe 
Attribute Matching in a Database," bearing attorney docket no. 06502.0109-00000, and filed on 
the same date herewith. 
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Distributed System," bearing attorney docket no. 06502.01 10-00000, and filed on the same date 
herewith. 

U.S. Patent Application No. 09/044,939, entitled "Apparatus and Method for Providing 
Downloadable Code for Use in Communicating with a Device in a Distributed System," bearing 
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U.S. Patent Application No. 09/030,840, entitled "Method and Apparatus for Dynamic 
Distributed Computing Over a Network," and filed on February 26, 1998. 

U.S. Patent Application No. 09/044,936, entitled "An Interactive Design Tool for 
Persistent Shared Memory Spaces," bearing attorney docket no. 06502.01 16-00000, and filed 
on the same date herewith. 

U.S. Patent Application No. 09/044,915, entitled "Stack-Based Access Control," bearing 
attorney docket no. 06502.01 18-00000, and filed on the same date herewith. 

U.S. Patent Application No. 09/044,944, entitled "Stack-Based Security Requirements," 
bearing attorney docket no. 06502.01 19-00000, and filed on the same date herewith. 

U.S. Patent Application No. 09/044,837, entitled "Per-Method Designation of Security 
Requirements," bearing attorney docket no. 06502.0120-00000, and filed on the same date 
herewith. 

Field of the Invention 

This invention relates generally to local area networks and, more specifically, to token 
passing in a token ring local area network. 

Background of the Invention 

Computers in a computer network often share a limited number of resources. One 
conventional method of allocating access between shared resources involves passing a "token" 
circularly to each computer in the network. The computers agree ahead of time that when using 
this token protocol, only the computer that has possession of the token may access the resource. 
A popular example of a network using a token passing algorithm is a token ring network. 

Token ring networks are baseband networks, which means that all the transmission 
capacity (i.e., network bandwidth) of the network media is used by one signal. Because only one 
signal at a time can be transmitted over the network, multiple computers in a token ring network 
must not transmit simultaneously. This is accomplished using a token access protocol. 
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In the token access protocol, computers in the network agree to continuously circulate 
an information frame to all the computers in the network. When a computer wants to send a 
message, it waits until it possesses the empty frame, and then modifies the frame by inserting: 
its message, a destination identifier, and a "token " The token may simply be, for example, a bit 
field in the frame that the inserting computer changes to a 1 to indicate a token is present or a 
0 to indicate an empty frame. 

The frame is examined by each computer as it is passed around the network. The 
destination computer copies the message from the frame and changes the token back to zero. 
The originating computer, when it receives the frame, can verify that its message was received 
by noticing that the token has been set to zero. The originator then removes the message from 
the frame and passes the empty frame to the next computer in the network. 

Although conventional token ring networks are effective at preventing data collisions, 
they have disadvantages. In particular, in order to implement a token ring network, all the 
computers in the network must agree ahead of time on the appropriate protocol to use in passing 
the message frame. This can be difficult, if, for example, the network administrator wishes to 
change the protocol of the token ring, as each computer must be updated before the network is 
operational. It is therefore desirable to improve token ring networks. 

Summary of the Invention 

Objects and advantages of the invention will be set forth in part in the description which 

follows, and in part will be obvious from the description, or may be learned by practice of the 
invention. The objects and advantages of the invention will be realized and attained by means 
of the elements and combinations particularly pointed out in the appended claims. 

To achieve the objects and in accordance with the purpose of the invention, as embodied 
and broadly described herein, a first aspect consistent with the present invention includes a 
method of updating a protocol for controlling a computer network including a plurality of 
computers, the method comprises the steps of: (1) creating a token object containing methods 
defining an updated version of the protocol; (2) sequentially passing the token object to each 
computer in the network; and (3) updating the protocol used by each of the plurality of 
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computers with the methods defining the updated version of the protocol while the token object 
is present at each computer. 

A second aspect consistent with the present invention is directed to a token ring network. 

The network comprises a plurality of computers coupled together and a token ring object. The 
token ring object includes methods and data that define a protocol for the token ring network, 
the token ring object is sequentially transferred to each of the plurality of computers, and when 
one of the plurality of computers has received possession of the token ring object, it adopts the 
protocol defined by the token ring object when the protocol defined by the token ring object is 
different than the protocol in use by the computer. 

Further, a third aspect consistent with the present invention includes a method of 

updating a protocol for controlling a computer network. The method includes the steps of: (1 ) 
receiving a token object at a first computer in the network; (2) consulting the token object, and 
when the token object indicates that a new protocol is to be used to transmit information on the 
network, updating an older version of the protocol stored at the first computer; and (3) 
transmitting the token object to a second computer in the network, the second computer being 
determined based on information in the token object. 

Further, an additional aspect consistent with the present invention includes a method of 

updating a protocol for controlling a computer network. The method includes the steps of: (1 ) 
receiving a token object defining a protocol of the network; and (2) sending the object using the 
protocol defined in the token object. 

Still further, an additional aspect consistent with the present invention includes a 

computer readable memory device containing token including an indication of a protocol to be 
used when communicating in a network. 

Brief Description of the Drawings 

The accompanying drawings, which are incorporated in and constitute a part of this 
specification, illustrate several embodiments consistent with this invention and, together with 
the description, help explain the principles of the invention. In the drawings, 

Fig. 1 is a high-level diagram of a token ring network; 
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Fig. 2 is a block diagram illustrating an exemplary embodiment of a computer used in 
the token ring network; 

Fig. 3 is a diagram illustrating an embodiment of a token object consistent with the 
present invention; and 

Fig. 4 is a flow chart illustrating methods consistent with the present invention. 

Detailed Description 

A token ring network is disclosed in which tokens passed between computers in the 
network define a protocol, or at least a portion of the protocol, for the token ring network. Each 
computer in the network that receives the token examines the token and implements the network 
protocol specified in the token. Any computer having appropriate permission may change or 
update the protocol in the token, and thereby change the protocol for the entire network. 

Reference will now be made in detail to the embodiments of the invention, examples of 
which are illustrated in the accompanying drawings. 

System Overview 

Fig. 1 is a high level diagram of a token ring network 100 made up of four distributed 
computers 102, 104, 106, and 108 passing a token object in the counter clockwise direction 
through network media 120. The token object is preferably passed between computers 102-108 
using some form of remote obj ect passing mechanism, such as the Javaremote invocation system 
(Java RMI). Additionally, one of computers 1 02-108 may act as a gateway to a larger token ring 
network or to a non token ring network. As shown in Fig. 1 , computer 1 06 acts as a gateway to 
the Internet network 110. 

In exemplary distributed system 100, different computers and devices are federated into 
what appears to the user to be a single system. By appearing as a single system, the distributed 
system 1 00 provides the simplicity of access and the power of sharing that can be provided by 
a single system without giving up the flexibility and personalized response of a personal 
computer or workstation. Distributed system 100 may contain thousands of devices operated 
by users who are geographically disperse, but who agree on basic notions of trust, 
administration, and policy. 
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Within the distributed 100 system are various logical groupings of services provided by 
one or more devices, and each such logical grouping is known as a Djinn. A "service" refers to 
a resource, data, or functionality that can be accessed by a user, program, device, or another 
service and that can be computational, storage related, communication related, or related to 
providing access to another user. Examples of services provided as part of a Djinn include 
devices, such as printers, displays, and disks; software, such as applications or utilities; 
information, such as databases and files; and users of the system. 

Both users and devices may join a Djinn. When joining a Djinn, the user or device adds 
zero or more services to the Djinn and may access, subject to security constraints, any one of the 
services it contains. Thus, devices and users federate into a Djinn to share access to its services. 
The services of the Djinn appear programmatically as objects of the Java programming 
environment, which may include other objects, software components written in different 
programming languages, or hardware devices. A service has an interface defining the operations 
that can be requested of that service, and the type of the service determines the interfaces that 
make up that service. 

The Java RMI and its relationship with computers 1 02-1 08 and token ring network 1 00 
will now briefly be described with reference to Fig. 2. 

Fig. 2 depicts computer 102 in greater detail showing a number of the software 

components of the distributed system 1 00. Computer 1 02 includes a memory 202, a secondary 
storage device 204, a central processing unit (CPU) 206, an input device 208, and a video 
display 210. The memory 202 includes a lookup service 212, a discovery server 214, and a 
Java™ runtime system 216. The Java runtime system 216 includes the Java™ remote method 
invocation system (RMI) 218 and a Java™ virtual machine 220. The secondary storage device 
204 includes a JavaSpace™ 222. 

The exemplary distributed system 100 is based on the Java programming environment 
and thus makes use of the Java runtime system 216. The Java runtime system 216 includes the 
Java API, allowing programs running on top of the Java runtime system to access, in a platform- 
independent manner, various system functions, including windowing capabilities and networking 
capabilities of the host operating system. Since the Java API provides a single common API 
across all operating systems to which the Java runtime system is ported, the programs ru nn i n g 
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on top of a Java runtime system run in a platform-independent manner, regardless of the 
operating system or hardware configuration of the host platform. The Java runtime system 216 
is provided as part of the Java software development kit available from Sun Microsystems of 
Mountain View, CA. 

The Java virtual machine 220 also facilitates platform independence. The Java virtual 
machine 220 acts like an abstract computing machine receiving instructions from programs in 
the form of byte codes and interpreting these byte codes by dynamically converting them into 
a form for execution, such as object code, and executing them. RMI 218 facilitates remote 
method invocation by allowing objects executing on one computer or device to invoke methods 
of an object on another computer or device. Both RMI and the Java virtual machine are also 
provided as part of the Java software development kit. 

The lookup service 212 defines the services that are available for a particular Djinn. That 
is, there may be more than one Djinn and, consequently, more than one lookup service within 
the exemplary distributed system 100. The lookup service 212 contains one object for each 
service within the Djinn, and each object contains various methods that facilitate access to the 
corresponding service. The lookup service 212 and its access are described in greater detail in 

co-pending U.S. Patent Application No. , entitled "Method and System for 

Facilitating Access to a Lookup Service," which has been previously incorporated by reference. 

The discovery server 214 detects when a new device is added to the exemplary 
distributed system 100, during a process known as boot and join or discovery, and when such 
a new device is detected the discovery server passes a reference to the lookup service 212 to the 
new device so that the new device may register its services with the lookup service and become 
a member of the Djinn. After registration, the new device becomes a member of the Djinn, and 
as a result, it may access all the services contained in the lookup service 212. The process of 
boot and join is described in greater detail in co-pending U.S. Patent Application No. 

, entitled "Apparatus and Method for providing Downloadable Code for Use in 

Communicating with a Device in a Distributed System," which has previously been incorporated 
by reference. 
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The JavaSpace 222 is an object repository used by programs within the exemplary 
distributed system 100 to store objects. Programs use the JavaSpace 222 to store objects 
persistently as well as to make them accessible to other devices within the exemplary distributed 
system. Java spaces are described in greater detail in co-pending U.S. Patent Application No. 
08/971,529, entitled "Database System Employing Polymorphic Entry and Entry Matching/' 
assigned to a common assignee, filed on November 17, 1997, which is incorporated herein by 

» 

reference. One skilled in the art will appreciate that the exemplary distributed system 100 may 
contain many lookup services, discovery servers, and JavaSpaces. 

Although systems and methods consistent with the present invention are described as 
operating in the exemplary distributed system and the Java programming environment, one 
skilled in the art will appreciate that the present invention can be practiced in other systems and 
other programming environments. Additionally, although aspects of the present invention are 
described as being stored in memory, one skilled in the art will appreciate that these aspects can 
also be stored on or read from other types of computer-readable media, such as secondary 
storage devices, like hard disks, floppy disks, or CD-ROM; a carrier wave from the Internet; or 
other forms of RAM or ROM. Sun, Sun Microsystems, the SunLogo, Java, and Java-based 
trademarks are trademarks or registered trademarks of Sun Microsystems Inc. in the United 
States and other countries. 

Polymorphic Token Passing 

A token ring network consistent with the present invention passes a polymorphic token 
object around the network in place of the static token frame used in conventional token ring 
networks. The passing of the token object is preferably implemented using a distributed object- 
oriented programming environment, such as Java RMI (described above). Java RMI is 
especially suitable to the present invention, as it provides for the automatic management of 
distributed objects and the ability to easily pass objects from machine to machine on a network. 

Fig. 3 is a diagram illustrating an exemplary token 302 and its relationship with a token 
class hierarchy 304. Token 302 is preferably implemented using an object data structure, and 
as such, may include functionality (e.g., methods) and data. As used throughout this 
specification, and as generally used in the in object-oriented programming field, a class refers 
to a template from which objects may be defined. An object is an instance of a particular class 
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and can include attribute information that distinguishes obj ects of the same class. Obj ects inherit 
behavior from the class they depend from. Token object 302, for example, is an instance of, and 
inherits behavior from, "secure token" class 305, which in turn inherits behavior from "general 
token" class 303. 

As shown, token object 302 includes method(s) 310 defining the token passing order 
in the network (e.g., counter clock-wise), method(s) 311 defining a distress protocol to be used 
by a malfunctioning computer, method(s) 312 defining network diagnostic checking routines, 
and method(s) 313 defining security measures to be implemented by the network. In the context 
of conventional token ring networks, token ring protocols that implement the functionality 
defined by methods 310-313 are well known, and accordingly, a detailed description of these 
methods is omitted. 

Token 302 also includes a message data field 314, a destination data field 315, and a 
token data field 316, each of which is directly analogous to the message, message identifier, and 
token described above regarding the conventional token ring network frame. 

Token class 303 defines the general functionality required by a "token." Classes and 
objects defined from the general class 303 inherit this functionality. As shown, token class 303 
implements, or partially implements, methods 3 1 0-3 1 2 and fields 3 1 4-3 1 6. Secure token class 
305 is a subclass of class 303, and as such, class 305 inherits the functionality of class 303. 
Additionally, subclass 305 may define its own methods and variables, including, for example, 
method(s) 313 defining network security measures. Quick token 306 is also a subclass of class 
303. Quick token 303 may include, for example, method(s) 3 1 7 that further define the passing 
order defined in method(s) 310. 

In operation, each computer in network 100 examines the token object it receives and, 
based on this examination, modifies the protocol it uses to implement the token ring network. 
If a computer wishes to change the token network protocol of the network, the computer simply 
changes methods in the token object by either updating, overriding, or adding a new method. 
As the token object propagates through the network, the new protocol is implemented. 

Fig. 4 is a flow chart illustrating methods consistent with the present invention. 
Preferably, to ensure network integrity, only authorized computers should be able to modify the 
token ring network protocol. If a computer wishes to modify the protocol, (step 402), and it has 
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appropriate authority, (step 403), it modifies the protocol simply by adding or substituting, when 
it has control of the token object, its new methods that define the token ring protocol (step 404). 
Whether a computer has authorization to modify the network protocol may be indicated by, for 
example, a field in the token, or pre-hardwired into the computers in network 100. 

Each computer in network 100 that receives the token object consults the token object 
and, if necessary, updates its version of the network protocol (step 405). The computer may then 
appropriately operate on the token and pass the token to the next computer in the network (step 
406). 

As an illustration of the method shown in Fig. 4, assume a computer would like to change 
the present token object, which is an instance of secure token class 305, to a quick token object, 
which is an instance of class 306. Assuming the computer was authorized to change the token 
object, it would wait until it receives the secure token object, substitute the secure token object 
with the quick token object, consult the quick token object for the appropriate protocol, and then 
pass the quick token object to the next computer in the network. 

While there has been illustrated and described what are at present considered to be 
preferred embodiments and methods of the present invention, it will be understood by those 
skilled in the art that various changes and modifications may be made, and equivalents may be 
substituted for elements thereof without departing from the true scope of the invention. For 
example, while the foregoing systems and methods have been described with reference to a Java- 
based, runtime environment, other run-time environments could conceivably be used to 
implement the present invention. Further, although the above-discussed embodiment was 
discussed in the context of a token ring network, one of ordinary skill in the art will appreciate 
that token objects consistent with the present invention could be applied equally as welll to any 
token passing algorithm used by a network. 

In addition, many modifications may be made to adapt a particular element, technique 
or implementation to the teachings of the present invention without departing from the central 
scope of the invention. Therefore, it is intended that this invention not be limited to the 
particular embodiments and methods disclosed herein, but that the invention include all 
embodiments falling within the scope of the appended claims. 
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What is Claimed : 

1 . A method of updating a resource allocation protocol for controlling a computer 
network including a plurality of computers, the method comprising the steps of: 

creating a token object containing a method defining an updated version of the protocol; 

sequentially passing the token object to each computer in the network to facilitate 
communication between the computers; and 

updating the protocol used by each of said plurality of computers with the method 
defining the updated version of the protocol while the token object is present at one of the 
computers. ^ 

2. The method of claim 1, wherein the step of sequentially passing the token object to 
each computer in the network includes the substep of introducing the token object into the 
network by an authorized computer when the authorized computer is given control of a previous 
version of the token object 

3. The method of claim 1, wherein the step of sequentially passing the token object 
includes the substep of transmitting a token obj ect defined with the Java programming language. 

4. The method of claim 3, wherein the step of sequentially passing the token object 
further includes the substep of transmitting the token object using the Java remote invocation 
system. 

5. The method of claim 1 , wherein the protocol carried out by the plurality of computers 
in the network implements a token ring computer network. 

6. The method of claim 1, wherein the step of creating the token object containing 
methods defining an updated version of the protocol further includes the substep of defining a 
new token passing order for the network. 
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7. A token ring network comprising: 

a token ring object including methods and data that define a protocol for the token ring 
network, 

a plurality of interconnected computers; and 

the token ring object being sequentially transferred to each of the plurality of computers 
to facilitate communication between the plurality of computers, and when one of said plurality 
of computers has received possession of the token ring object, adopting the protocol defined by 
the token ring object when the protocol defined by the token ring object is different than the 
protocol in use by the computer. 

8. The network of claim 7, wherein each of said plurality of computers further includes 
a remote object passing mechanism to transfer the token object to other of the plurality of 
computers. 

9. The network of claim 8, wherein each of said plurality of computers further includes 
a virtual machine on which the remote object passing mechanism is implemented. 

10. A method of updating a protocol for controlling a computer network comprising the 
steps of: 

receiving a token object at a first computer in the network; 

consulting the token object, and, when the token object indicates that a new protocol is 
to be used to transmit information on the network, updating an older version of the protocol 
stored at the first computer; and 

transmitting the token object to a second computer in the network, the second computer 
being determined based on information in the token object. 

1 1 . The method of claim 1 0, further including the step of introducing an updated version 
of the token object into the network. 



WO 99/44334 



PCT/US99/04069 



14 

12. The method of claim 10, wherein the step of transmitting the token object includes 
the substep of transmitting the token object using the Java remote invocation system. 

13. The method of claim 1 1, wherein the step of introducing an updated version of the 
token object further includes the substep of defining a new token transmission order for the 
network. 

14. A computer readable medium containing instructions for causing computers to 
update a protocol used to control a computer network, the instructions causing the computers to 
perform the steps of: 

creating a token object containing methods defining an updated version of the protocol; 
sequentially passing the token object to each of the computers; and 
updating the protocol used by each of the computers with the methods defining the 
updated version of the protocol while the token object is present at said each computer. 

1 5 . The computer readable medium of claim 14, wherein the instructions for causing the 
computers to perform the step of sequentially passing the token object to each of the computers 
includes the substep of introducing the token object to the computers by an authorized computer 
when the authorized computer is given control of a previous version of the token object. 

1 6. The computer readable medium of claim 1 4, wherein the instructions for causing the 
computers to perform the step of sequentially passing the token object includes the substep of 
transmitting the token object using the Java remote invocation system. 

17. The computer readable medium of claim 14, wherein the protocol carried out by the 
plurality of computers in the network implements a token ring computer network. 
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18. The computer readable medium of claim 14, wherein the instructions for causing the 
computers to perform the step of creating the token object containing methods defining an 
updated version of the protocol further includes the substep of defining a new token passing 
order for the network. 

19. A method for updating a protocol in a network comprising the steps of: 
receiving a token object defining a protocol of the network; and 

sending the token object using the protocol defined in the token object 

20. The method of claim 19, wherein the receiving step includes the substep of receiving 
the token object at a first computer in the network and the sending step includes the substep of 
transmitting the object to a second computer in the network. 

21. The method of claim 19, further including the step of sequentially sending the token 
object to each computer in the network. 

22. The method of claim 1 9, further including the step of introducing an updated version 
of the token object into the network. 

23. A computer readable memory device containing: 

a token including an indication of a protocol to be used when communicating in a 
network. 

24. The computer readable memory device of claim 23, wherein the token is an object. 

25. The computer readable medium of claim 23, wherein the token further includes a 
method for defining a token passing order in the network. 

26. The computer readable medium of claim 23, wherein the token further includes 
methods defining network diagnostics. 
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27. The computer readable medium of claim 23, wherein the token further includes a 
message data field and a destination data field. 

28 The computer readable medium of claim 23, wherein the token further includes 
methods defining security procedures for the network. 
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